1. Sending mail --- postfix
2. Authentication --- sasl2
3. Receiving mail --- dovecot
4. Anti-virus for mail --- clamAV
5. Anti-spam --- spamassassin
6. Controlling the virus and spam scanners --- amavisd-new
============================
Open issues still to be worked out:
1. Permission settings for bulk (group) mail
2. Quota limits for user mailboxes
============================
Overview of a complete mail system architecture
As we know, a complete mail system should include the following important functions:
Basic functions: sending mail, receiving mail
Security functions: authentication for sending and receiving mail, anti-virus, anti-spam
The architecture flow chart of a complete mail system is as follows:
Installation and configuration of the related software
1. Install postfix, with MySQL lookup support for postfix
# aptitude install postfix postfix-mysql
2. Check whether postfix supports lookups against an external MySQL database
# postconf -m
btree
cidr
environ
hash
internal
mysql
nis
proxy
regexp
sdbm
static
tcp
unix
3. Check which SASL authentication implementations postfix supports
# postconf -a
cyrus
dovecot
4. Install Cyrus SASL authentication
# aptitude install sasl2-bin libsasl2-modules-sql
5. Edit /etc/default/saslauthd
START=no ====> START=yes
6. Restart saslauthd and verify that it works
# /etc/init.d/saslauthd restart
# testsaslauthd -u {username} -p {password}
If the following output appears, saslauthd is running and can serve authentication requests; otherwise check the username and password and retry
0: OK "Success."
Note: {username} and {password} are the username and password of a login account on the Linux system
7. Enable SASL authentication in postfix
Edit /etc/postfix/main.cf and append the following:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
8. Edit /etc/postfix/master.cf so that postfix does not run these services in a chroot
smtp inet n - - - - smtpd
rewrite unix - - - - - trivial-rewrite
cleanup unix n - - - 0 cleanup
==========>>>>>>
smtp inet n - n - - smtpd
rewrite unix - - n - - trivial-rewrite
cleanup unix n - n - 0 cleanup
The reason for this setting: without it, every attempt to send mail logs the following errors and the mail is never sent:
postfix/trivial-rewrite[10698]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'
postfix/trivial-rewrite[10698]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
postfix/smtpd[10394]: warning: problem talking to service rewrite: Success
postfix/master[10386]: warning: process /usr/lib/postfix/trivial-rewrite pid 10698 exit status 1
postfix/smtpd[10697]: warning: problem talking to service rewrite: Connection reset by peer
postfix/master[10386]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
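A check for the master.cf change above, added here as a Python example that is not part of the original guide. It parses master.cf service lines (columns: service, type, private, unpriv, chroot, wakeup, maxproc, command), resolves the '-' placeholder in the chroot column to its default, and lists which services would run chrooted under /var/spool/postfix. The default for that column is y in Postfix releases before 3.0 (the era of this guide), which is why trivial-rewrite cannot reach /var/run/mysqld/mysqld.sock in the log above; Postfix 3.0 and later default to n. The BEFORE and AFTER texts are the page's three lines embedded inline.

```python
# Column order of a service line in Postfix master.cf (the 8th field is the command).
COLUMNS = ("service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")

def parse_master_cf(text, chroot_default="y"):
    """Parse service lines into {service/type: fields}. A '-' in the chroot column
    means 'use the default': y before Postfix 3.0, n from 3.0 on."""
    services = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 7)
        if len(fields) < 8:
            continue  # indented continuation line (command arguments) or malformed; skipped
        entry = dict(zip(COLUMNS, fields[:7]))
        entry["command"] = fields[7]
        if entry["chroot"] == "-":
            entry["chroot"] = chroot_default
        services[entry["service"] + "/" + entry["type"]] = entry
    return services

def chrooted_services(text, chroot_default="y"):
    """Names of the services that would run inside the /var/spool/postfix chroot."""
    return sorted(name for name, e in parse_master_cf(text, chroot_default).items()
                  if e["chroot"] == "y")

# The three lines from the page, before and after the edit (embedded inline).
BEFORE = """\
smtp      inet  n       -       -       -       -       smtpd
rewrite   unix  -       -       -       -       -       trivial-rewrite
cleanup   unix  n       -       -       -       0       cleanup
"""
AFTER = """\
smtp      inet  n       -       n       -       -       smtpd
rewrite   unix  -       -       n       -       -       trivial-rewrite
cleanup   unix  n       -       n       -       0       cleanup
"""

if __name__ == "__main__":
    print("chrooted before the edit:", chrooted_services(BEFORE))
    print("chrooted after the edit: ", chrooted_services(AFTER))
```

Run it against the real /etc/postfix/master.cf to see which services still depend on files outside /var/spool/postfix. An alternative that keeps the chroot is to set `hosts = 127.0.0.1` in the mysql map files, which makes the MySQL client connect over TCP instead of the unix socket, as the page's smtpd.conf already does with `sql_hostnames: 127.0.0.1`.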
9. Install MySQL, create the database and table, and insert data
# aptitude install mysql-client mysql-server
# mysql -u root -p
(enter the password)
mysql> create database mail;
mysql> create table mail.users( id int(8) primary key auto_increment, username varchar(50), password varchar(50), domain varchar(50), quota int(10), maildir varchar(200));
mysql> insert into mail.users(username,password,domain,maildir,quota) values('test','test','tiddy.com','tiddy.com/test/',16000);
mysql> commit;
10. Change the method postfix uses to verify passwords through SASL (pam/shadow/sql/ldap): create a new file smtpd.conf in the /etc/postfix/sasl directory with the following content:
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: root
sql_passwd: tiddy
sql_database: mail
sql_select: SELECT password FROM users WHERE username = '%u'
11. Install telnet on the postfix host and test
# aptitude install telnet
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.tiddy.com ESMTP Postfix (Debian/GNU)
auth login
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
dGVzdA==
235 2.7.0 Authentication successful
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with .
Subject: alskdjlasd
lasdjflasdf
.
250 2.0.0 Ok: queued as 4C1FB440E6
postfix SASL authentication against MySQL succeeded
Note: the lines marked in red in the session above (dGVzdA==) are the BASE64-encoded username (test) and password (test)
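The AUTH LOGIN dialogue of the telnet session above, replayed in Python as an added example that is not part of the original guide. It shows where the two 334 challenges and the client's answers come from: each is plain base64, so the username and password are readable by anyone who can see the port-25 session, which is why PLAIN and LOGIN should only be offered under TLS. The USERS dictionary stands in for the page's mail.users table (password stored PLAIN and compared as a string, as the page's sql_select implies); the 535 failure line is a constructed approximation of the server's reply.

```python
import base64

# Constructed stand-in for the mail.users table of step 9: the page stores the
# password PLAIN, so verification is a direct string comparison.
USERS = {"test": "test"}

def b64(text: str) -> str:
    """Base64 as it appears on the SMTP wire."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def unb64(text: str) -> str:
    """Reverse the base64 layer. This is encoding, not encryption."""
    return base64.b64decode(text).decode("utf-8")

def lookup_password(username: str):
    """Equivalent of sql_select: SELECT password FROM users WHERE username = '%u'."""
    return USERS.get(username)

def auth_login_exchange(username: str, password: str) -> list:
    """Replay the AUTH LOGIN dialogue as (side, line) tuples, side 'C' or 'S'."""
    dialogue = [
        ("C", "auth login"),
        ("S", "334 " + b64("Username:")),   # 334 VXNlcm5hbWU6
        ("C", b64(username)),
        ("S", "334 " + b64("Password:")),   # 334 UGFzc3dvcmQ6
        ("C", b64(password)),
    ]
    stored = lookup_password(username)
    if stored is not None and stored == password:
        dialogue.append(("S", "235 2.7.0 Authentication successful"))
    else:
        # Constructed failure line; the exact Postfix wording may differ.
        dialogue.append(("S", "535 5.7.8 Error: authentication failed"))
    return dialogue

def decode_client_responses(dialogue: list) -> tuple:
    """Decode what the client sent after 'auth login'. The base64 layer hides nothing,
    so on an unencrypted session the credentials are exposed in transit."""
    answers = [line for side, line in dialogue[1:] if side == "C"]
    return tuple(unb64(x) for x in answers)

if __name__ == "__main__":
    for side, line in auth_login_exchange("test", "test"):
        print(side, line)
    print(decode_client_responses(auth_login_exchange("test", "test")))
```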
12. Install the POP3 software dovecot
# aptitude install dovecot-pop3d
13. Create a virtual user (so that this user has permission to access the mail storage directory)
# groupadd -g 5000 vmail
# useradd -u 5000 -g 5000 vmail -d /var/vmail -m
14. Configure dovecot
Edit /etc/dovecot/dovecot.conf; the main changes are as follows
1) Remove the comment marker (#)
base_dir = /var/run/dovecot
2) The protocols dovecot serves
protocols = pop3 pop3s
3) The addresses dovecot listens on (*: listen on all network interfaces)
listen = *
4) Allow plaintext password authentication (when mail is fetched over POP3, plaintext password authentication is used)
disable_plaintext_auth = no
5) Log file
log_path = /var/log/dovecot.log
6) Info/debug log file
info_log_path = /var/log/dovecot.info
7) Prefix of each log line
log_timestamp = "%Y-%m-%d %H:%M:%S "
8) Server-side path from which mail is served when a client fetches it over POP3
mail_location = maildir:/var/vmail/%d/%n/
9) Whether to enable debugging (use during testing; best turned off once in production)
mail_debug = yes
10) dovecot's POP3 authentication
auth default {
# authentication mechanisms
mechanisms = plain login
# password lookup during authentication (SQL query)
passdb sql {
# Path for SQL configuration file
args = /etc/dovecot/dovecot-sql.conf
}
# user lookup during authentication (SQL query)
userdb sql {
# Path for SQL configuration file
args = /etc/dovecot/dovecot-sql.conf
}
# listen on a client socket so that authentication requests handed over by postfix can be served
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
15. Edit /etc/dovecot/dovecot-sql.conf
1) Database driver
driver = mysql
2) Database connection information
connect = host=localhost dbname=mail user=root password=tiddy
3) Password scheme used in the database (PLAIN: cleartext, not hashed)
default_pass_scheme = PLAIN
4) Database queries
password_query = SELECT username, domain, password FROM users WHERE username = '%n'
user_query = SELECT maildir, 5000 AS uid, 5000 AS gid FROM users WHERE username = '%n'
16. Edit /etc/postfix/main.cf again (note: some of this content already exists or was added earlier; be sure not to add it twice)
######################## Basic configuration ##########################
myhostname = postfixsvr
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = tiddy.com
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# We use the virtual domain parameter virtual_mailbox_domains to decide which domains' mail is accepted for delivery, so these two are commented out here
#relay_domains = tiddy.com
#mydestination = tiddy.com
##################### Enable SASL Auth ########################
# Make Postfix use SASL authentication.
smtpd_sasl_auth_enable = yes
# Let SASL accept the authentication behaviour of non-standard e-mail clients.
broken_sasl_auth_clients = yes
# Do not allow the ANONYMOUS mechanism.
smtpd_sasl_security_options = noanonymous
# Restrictions on recipients/senders (allow SASL-authenticated users and clients on the local networks <as defined by mynetworks>; reject everything else.
# Note that with a final reject and no reject_unauth_destination, unauthenticated outside servers cannot deliver mail to tiddy.com either)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject
# Client restrictions (allow SASL-authenticated clients and clients on the local networks <as defined by mynetworks>; reject everything else)
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject
# SASL implementation type
smtpd_sasl_type = dovecot
# SASL socket path (note: must match the end of the path in the socket listen block of the dovecot configuration file /etc/dovecot/dovecot.conf)
smtpd_sasl_path = private/auth
############################### Virtual mailboxes #####################################
# Root path of the virtual mailboxes
virtual_mailbox_base = /var/vmail
# Virtual mailbox lookup table
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# Virtual domains
virtual_mailbox_domains = tiddy.com
# Virtual alias lookup table (mailbox aliases and mail groups are both decided by this parameter; a group is just one form of alias)
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# Which uid/gid owns the virtual mailboxes
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
########################### Mail delivery agent #################################
virtual_transport = virtual
########################## Mailbox size limits (the quota parameters below come from the VDA patch to postfix, not stock postfix) ################################
# Maximum size of a single message (10M). Postfix's default is 10M, but that covers the message body plus
# the encoded attachments; base64 encoding grows attachments by roughly 35%, so the message size is set to 14M here
message_size_limit = 14336000
# Use yes when using Courier maildir++ quotas; default is no
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
# Default mailbox size limit
virtual_mailbox_limit = 16000000
# Whether the default mailbox size limit may be overridden per user.
virtual_mailbox_limit_override = yes
# no limits the whole maildir, yes limits only the inbox; default is no
virtual_mailbox_limit_inbox = no
# Per-user limits
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
# Message returned to a user who exceeds the quota when 'virtual_maildir_limit_message_maps' is not set
virtual_maildir_limit_message = Sorry, overquota
# yes uses a 5xx error, no uses a 4xx error and the mail stays in the queue
virtual_overquota_bounce = yes
# Whether to count the trash folder towards the quota; requires virtual_trash_name; default is no
virtual_trash_count = no
# Name of the trash folder; default value: .Trash
virtual_trash_name = ".Trash"
17. Create the related files
(1) Create the file /etc/postfix/mysql_virtual_mailbox_maps.cf with the following content (it simply describes a database lookup; the meaning of each key is not repeated here):
user = root
password = tiddy
hosts = localhost
dbname = mail
table = users
select_field = maildir
where_field = username
(2) Create the file /etc/postfix/mysql_virtual_alias_maps.cf with the following content (it simply describes a database lookup; the meaning of each key is not repeated here):
user = root
password = tiddy
hosts = localhost
dbname = mail
table = alias
select_field = goto
where_field = address
18. Database structure
Database name: mail
Database table users( id int(8) primary key auto_increment, username varchar(50), password varchar(50), domain varchar(50), quota int(10), maildir varchar(200))
Database table alias( id int(8) primary key auto_increment, address varchar(100), goto varchar(5000), isgroup int(2))
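A consistency check for steps 14 to 18, added here as a Python example that is not part of the original guide. Postfix delivers to virtual_mailbox_base joined with the maildir column that mysql_virtual_mailbox_maps.cf looks up, while Dovecot serves mail_location with %d and %n expanded from the login; the two must name the same directory, or delivered mail is never seen over POP3. The check uses an in-memory SQLite copy of the mail database with the page's schema and its one users row, plus a constructed second row (bob) whose maildir column omits the domain directory, to show a mismatch being caught. It assumes the login resolves to user@domain, as the page's password_query (which returns username and domain) implies.

```python
import os
import sqlite3

# In-memory SQLite stand-in for the MySQL database of step 18 (constructed; same columns).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username VARCHAR(50),
                    password VARCHAR(50), domain VARCHAR(50), quota INTEGER, maildir VARCHAR(200));
CREATE TABLE alias (id INTEGER PRIMARY KEY AUTOINCREMENT, address VARCHAR(100),
                    goto VARCHAR(5000), isgroup INTEGER);
"""
ROWS = [
    ("test", "test", "tiddy.com", "tiddy.com/test/", 16000),  # the row inserted in step 9
    ("bob", "bob", "tiddy.com", "bob/", 16000),               # constructed: maildir lacks the domain directory
]

# Values taken from the page's configuration.
VIRTUAL_MAILBOX_BASE = "/var/vmail"           # postfix main.cf
MAIL_LOCATION = "maildir:/var/vmail/%d/%n/"   # dovecot.conf

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users(username,password,domain,maildir,quota) VALUES (?,?,?,?,?)", ROWS)
    return db

def expand_dovecot_vars(template, username, domain):
    """Dovecot variable expansion for the variables used on this page:
    %u = full login name, %n = user part, %d = domain part."""
    full = username + "@" + domain if domain else username
    return template.replace("%u", full).replace("%n", username).replace("%d", domain)

def postfix_delivery_path(db, username):
    """Where virtual(8) delivers: virtual_mailbox_base joined with the maildir column
    (the lookup that mysql_virtual_mailbox_maps.cf describes). A trailing '/' selects Maildir format."""
    row = db.execute("SELECT maildir FROM users WHERE username = ?", (username,)).fetchone()
    return None if row is None else os.path.join(VIRTUAL_MAILBOX_BASE, row[0])

def dovecot_mailbox_path(db, username):
    """Where Dovecot looks: mail_location with %d/%n taken from the authenticated login.
    Returns (format, path) or None for an unknown user."""
    row = db.execute("SELECT username, domain FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return None
    fmt, _, path = expand_dovecot_vars(MAIL_LOCATION, row[0], row[1]).partition(":")
    return fmt, path

def paths_agree(db, username):
    """True only if both sides name the same Maildir directory."""
    pf = postfix_delivery_path(db, username)
    dc = dovecot_mailbox_path(db, username)
    if pf is None or dc is None:
        return False
    fmt, path = dc
    return fmt == "maildir" and pf.endswith("/") and os.path.normpath(pf) == os.path.normpath(path)

def check_all(db):
    """Run the check for every user in the table."""
    names = [r[0] for r in db.execute("SELECT username FROM users ORDER BY id")]
    return {name: paths_agree(db, name) for name in names}

if __name__ == "__main__":
    db = open_db()
    for name, ok in check_all(db).items():
        print(name, postfix_delivery_path(db, name), dovecot_mailbox_path(db, name)[1],
              "OK" if ok else "MISMATCH")
```

Pointing the same functions at the real database (for example with a MySQL connector in place of sqlite3) gives a quick audit after every change to mail_location, virtual_mailbox_base or the maildir column.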
Note: